Total: 1072 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-3547 | 1 Cisco | 4 Asyncos, Content Security Management Appliance, Email Security Appliance and 1 more | 2024-09-16 | 4.3 Medium |
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because an insecure method is used to mask certain passwords on the web-based management interface. An attacker could exploit this vulnerability by looking at the raw HTML code that is received from the interface. A successful exploit could allow the attacker to obtain some of the passwords configured throughout the interface. | ||||
CVE-2020-10287 | 1 Abb | 4 Irb140, Irb140 Firmware, Irc5 and 1 more | 2024-09-16 | 9.8 Critical |
The IRC5 family with UAS service enabled comes by default with credentials that can be found in publicly available manuals. ABB considers this a well-documented functionality that helps customers set up; however, in our research, we found multiple production systems running these exact default credentials and thereby consider this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (users should be forced to change them). | ||||
CVE-2019-4138 | 1 Ibm | 1 Spectrum Control | 2024-09-16 | N/A |
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 158334. | ||||
CVE-2021-20997 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2024-09-16 | 7.5 High |
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. | ||||
CVE-2021-28171 | 1 Deltaflow Project | 1 Deltaflow | 2024-09-16 | 9.8 Critical |
The Vangene deltaFlow E-platform does not take proper protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie. | ||||
CVE-2017-7547 | 2 Postgresql, Redhat | 3 Postgresql, Enterprise Linux, Rhel Software Collections | 2024-09-16 | N/A |
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. | ||||
CVE-2021-41300 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2024-09-16 | 9.8 Critical |
ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality. | ||||
CVE-2019-3782 | 1 Cloudfoundry | 1 Credhub Cli | 2024-09-16 | 7.8 High |
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user. | ||||
CVE-2022-27544 | 1 Hcltech | 1 Bigfix Platform | 2024-09-16 | 5 Medium |
BigFix Web Reports authorized users may see SMTP credentials in clear text. | ||||
CVE-2019-11284 | 1 Pivotal | 1 Reactor Netty | 2024-09-16 | 8.6 High |
Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to. | ||||
CVE-2018-16987 | 1 Squashtest | 1 Squash Tm | 2024-09-16 | N/A |
Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code. | ||||
CVE-2018-20445 | 1 Dlink | 4 Dcm-604, Dcm-604 Firmware, Dcm-704 and 1 more | 2024-09-16 | 9.8 Critical |
D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests. | ||||
CVE-2017-3760 | 1 Lenovo | 1 Service Framework | 2024-09-16 | N/A |
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution. | ||||
CVE-2018-18754 | 1 Zyxel | 2 Vmg3312-b10b, Vmg3312-b10b Firmware | 2024-09-16 | N/A |
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. | ||||
CVE-2018-20398 | 1 Skyworthdigital | 10 Cm5100, Cm5100-440, Cm5100-440 Firmware and 7 more | 2024-09-16 | N/A |
Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | ||||
CVE-2018-20396 | 1 Telaum | 4 Ming2120j, Ming2120j Firmware, Ming6300 and 1 more | 2024-09-16 | 9.8 Critical |
NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | ||||
CVE-2019-0032 | 1 Juniper | 2 Service Insight, Service Now | 2024-09-16 | 7.8 High |
A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1. | ||||
CVE-2019-7300 | 1 Articatech | 1 Artica Proxy | 2024-09-16 | N/A |
Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. | ||||
CVE-2021-0212 | 1 Juniper | 1 Contrail Networking | 2024-09-16 | 5 Medium |
An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31. | ||||
CVE-2018-20443 | 1 Technicolor | 2 Tc7200.d1i, Tc7200.d1i Firmware | 2024-09-16 | N/A |
Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. |